METHOD AND SYSTEM FOR FACILITATING A TRUSTED
ON-LINE TRANSACTION BETWEEN BUSINESSES 
AND NETWORKED CONSUMERS 

FIELD OF THE INVENTION 

The present invention relates generally to the field of on-line systems for 
facilitating a transaction via a trusted network, and in particular, to a method and 
system for facilitating a trusted transaction between business entities and networked 
consumers. 

BACKGROUND OF THE INVENTION 

With the advent of the Internet, virtually anything can be bought, sold, or 
negotiated on-line. Currently, many Web portals offer products and/or services to
business entities and consumers. One serious problem facing many of these Web 
portals is in the area of security. Although some aspects of the security concerns 
have been resolved or at least reduced using various encryption or related 
technologies, many fraudulent transactions still occur because the current security
measures are generally inadequate to address certain types of security breaches.

Currently, there are at least two major security issues in regard to on-line 
transactions. The first issue concerns confidentiality, that is, the ability to make a 
transaction without the transaction being known or intercepted by a third party. For
instance, when a consumer purchases a product or service on the Internet using a 
credit card (i.e., submitting the credit card number and other requested information 
to the seller), it is imperative that the transaction be confidential such that sensitive 
information such as the credit card number, expiration date, and the identity of the 
product or service purchased, not be revealed to unauthorized parties. This aspect 
of on-line security has been dealt with, and to a large extent, resolved, through
encryption technology where the sensitive information is encoded to prevent third
parties from reading the data, even if the data were to be intercepted.

The second security issue concerns authentication, that is, the ability to
uniquely identify the individual who is making the transaction. For instance, taking 
the example above where a consumer purchases a product or service on the Internet 
using a credit card, it is imperative that the seller be able to determine that the 
person submitting the credit card information is actually the owner of the credit
card, or a person authorized by the owner. Failure to do so means that the 
transaction can be made void by the actual owner. The ability to identify the 
individual protects against at least two types of fraudulent transactions. One type is 
the case where an unauthorized person uses the credit card number of others to
purchase a good or service on the Internet. The other type is the case where an
authorized person uses the credit card, but later denies having made the
transaction. It is a commonly known fact that many credit card transactions result in 
a default due to a seller's inability to properly authenticate the identity of the 
individual making the transaction. 

Currently, there are many authenticating devices and methods for uniquely
identifying individuals which can presumably be used to prevent or limit the
fraudulent transactions due to improper authentication. One such system is one
employing digital certificate technology where a user obtains an encrypted file from
a certificate authority who, before giving out the certificate in a special storage
device such as a smart card, authenticates the user by requiring the user to produce
an acceptable identification card. A special reader is then attached to the user's PC
to read the digital certificate stored in the smart card. When a secure transaction
needs to be made, the digital certificate is sent to the transacting party who then
verifies the authenticity of the certificate and reads the information provided in the
certificate such as the name of the person to whom the certificate belongs.

The fingerprint identification system, on the other hand, employs a
fingerprint reading device which is attached to a user's PC. Whenever a secure
transaction needs to be made, the user places a finger on the reader, and a digital
image of the reader is sent to the transacting party. The image is then compared
against a previously stored image in a database to identify the individual.

Although these devices may significantly reduce the on-line fraudulent
transactions due to improper authentication, at this time, it is unrealistic to expect
consumers to purchase such a device for the sole purpose of conducting a
transaction over the Internet, especially when alternative less-costly options such as
offline purchases are available. In addition, because there is currently no single
standard or device which is acceptable to all, purchasing such a device does not
necessarily ensure that a trusted transaction would be possible.

For these reasons, many types of transactions which can presumably occur
on-line are still being done only through the traditional off-line mediums, though
conceivably such transactions may be facilitated on the Internet if a trusted method
of transaction not requiring the consumers to purchase such authenticating devices
were to be available. While many types of transactions would fall under this
category, one notable example is the transactions concerning group benefits plans
which cater to business entities and other entities such as educational institutions,
clubs or associations which have a large base of individuals, e.g. employees,
students, club members, etc., who are associated with the entity. These benefits can
include services such as insurance coverage of all types, e.g., medical, dental, life,
travel; loans with below-market rates; mobile phone service plans; etc. The benefits
can also include goods which are sold to the associated individuals at a discounted
rate.

A unique characteristic of the group benefits plans is that while the end
product or service directly benefits the associated individuals, e.g., employees, club
members, etc., the plans are negotiated by the entity with whom the individuals are
associated. Take, for instance, a company employing a large number of
employees. A group benefits plan such as group insurance would be negotiated by
the employer, i.e., the company, on behalf of the employees. By having control over
a large pool of potential customers, the company is able to negotiate a better deal
with the benefit provider than if the employees were to negotiate the benefit directly.
Currently, most aspects of procuring and administering group benefits are
manual in nature. Namely, the employer would have to manually choose and
contact the group benefit provider and the group benefits plans are shown and
negotiated off-line. Even after the plan is chosen, the details of the plan are
generally presented to the employees in a manual manner. The shortcomings of
such manual methods are many. First, because the company must manually select
and contact each of the group benefit providers and individually negotiate the plan,
much time and resources are wasted, and thus, only a limited number of providers
may be considered. And second, the administration of the benefits plan is
inefficient because the employees must often communicate their choices and desires
through the employer, even when a direct contact between the benefit provider and
the employees would be more sensible and efficient.

While it can be appreciated that there is a need for a system and method for
facilitating a trusted transaction between business entities and consumers, and one
which can be used to efficiently transact group benefits plans, currently, no such
systems are known to exist, and certainly, none which are both efficient and
trustworthy.

SUMMARY OF THE INVENTION 

It is therefore an object of the present invention to overcome the
shortcomings as described above.

The present invention establishes a trusted market place which allows goods
and services to be transacted on the Internet between business entities and certain
types of consumers called "networked consumers" who can be properly
authenticated without requiring each to obtain an authenticating device or system.
The market players are the business entities, the networked entities, and the
networked consumers. In this market structure, a plurality of business entities have
access to the market place, and they place details of goods and/or services to be sold
on-line. The networked consumers can access the market place, but at least the
registration must occur through the networked entities. Where the goods or services
being offered by a business entity is a group benefits plan, the plan is first negotiated
by the networked entity before it is made available to the networked consumers. By
accessing the market place, the networked consumers can purchase goods and
services provided by the business entities, make choices about group benefits plans,
and conduct other transactions. Because authentication is done via the networked
entities, no authentication device is needed by the networked consumers.

The system for implementing the market structure comprises an
administrator server which generally includes a server engine for performing various
server functions; various databases for storing data relating to the business entities,
networked entities, networked consumers, and the products and services being
offered by the business entities; a plurality of Web pages which provide the
necessary interfaces for facilitating the various transactions; and a security engine
which performs various security functions including the function of authenticating
the various parties accessing the server. The administrator's server is connected via
the Internet to the business entities' PCs or servers which are coupled to an
authenticating system. The servers of the networked entities are also connected via
the Internet to the administrator server. The servers of the networked entities are
also coupled to an authenticating system. Each of the networked entities has a
secure intra-network system which links its server to its networked consumers' PCs.

A general methodology employed in facilitating a trusted sale of a product or
service using the present system begins by having the business entity first register
with the administrator, preferably by accessing the administrator's Web site and
entering the requested information. Once the business entity is properly registered,
the business entity submits the details of the products and/or services to be sold to
the networked consumers so that they may be published on the administrator's Web
site. The networked entity then registers itself with the administrator. Next, the
networked consumer registers himself at the administrator's Web site. Once
properly registered, the registered consumer accesses the administrator's Web site,
and makes selections of the goods and services he or she wishes to purchase. Next,
a payment for the goods and/or services is made or arranged to be made. Finally, the
business entity delivers the selected product or performs the service.

In the case where the product or service being offered is a group benefits
plan, the group benefits provider (GBP) first develops a general group benefits plan.
Multiple plans may be created to suit the needs of different customers. Next, the
GBP registers with the administrator, preferably by accessing the administrator's
Web site and entering the requested information. Once the GBP is properly
registered, the GBP submits the details of the plans it has developed so that they
may be published on the administrator's Web site for viewing by the networked
entities. The networked entities, to be able to access the Web page containing the
details of the plans, must first register with the administrator. After a successful
registration, the networked entity accesses the administrator's Web site and obtains
the details of the group benefits plans submitted by the GBP. Then the networked
entity (most likely through its human resource personnel) contacts the GBP and
negotiates a group benefits plan which is customized for its networked consumers.
When a consensus is reached, the customized group benefits plan is endorsed by the
networked entity.

An embodiment of the present invention is a method facilitated by a
computer network to accomplish a trusted transaction between a business entity and
a networked consumer. The method provides an administrative server having a
communications channel for electronically communicating with the business entity
and having a communications channel for electronically communicating with a
networked entity and the networked consumer. A business registration system is
provided in the administrative server wherein the business entity can be
authenticated and a unique identifier is assigned to the business entity (BEID),
whereby the business entity is designated a registered business entity. The
registered business entity is allowed to selectively access the administrative server
to submit details of products and/or services provided by the registered business
entity and to view selections made by the networked consumer wherein the
administrative server will store the details of products and/or services provided by
the registered business entity. A networked entity registration system is provided in
the administrative server wherein the networked entity can be authenticated,
whereby the networked entity is designated a registered networked entity. A
networked consumer registration system is provided in the administrative server
whereby a networked consumer who has authorized access to a registered
networked entity's system can be designated a registered consumer and assigned a
unique registered consumer identifier (RCID), and whereby a registered consumer
with a valid RCID will be allowed access to data provided by a registered business
entity and to make selections on the data, the selections being stored in the
administrative server.

Another embodiment of the present invention is a method facilitated by a
computer network to accomplish a trusted transaction of a group benefits plan
involving a business entity, a networked entity, and a networked consumer. The
method provides an administrative server having a communications channel for
electronically communicating with the business entity and having a communications
channel for electronically communicating with the networked entity and networked
consumer. A business registration system is provided in the administrative server
wherein the business entity can be authenticated and a unique identifier is assigned
to the business entity (BEID), whereby the business entity is designated a registered
business entity. The registered business entity is allowed to selectively access the
administrative server to submit details of group benefits plans provided by the
registered business entity and to view selections made by the networked consumer
wherein the administrative server will store the details of the group benefits plans
provided by the registered business entity. A networked entity registration system is
provided in the administrative server wherein the networked entity can be
authenticated and a unique identifier is assigned to the networked entity (NEID),
whereby the networked entity is designated a registered networked entity. The
registered networked entity is allowed to selectively access the details of the group
benefits plans provided by a registered business entity and to endorse the group
benefits plans wherein the administrative server will store the group benefits plans
endorsed by the networked entity. A networked consumer registration system is
provided in the administrative server whereby a networked consumer who has
authorized access to a registered networked entity's system can be designated a
registered consumer and assigned a unique registered consumer identifier (RCID),
and whereby a registered consumer with a valid RCID will be allowed access to the
endorsed group benefits plans and will be allowed to make selections on the
endorsed group benefits plans.

In another embodiment of the present invention, an administrative server
apparatus for facilitating a trusted transaction between a business entity and a
networked consumer comprises a communication mechanism for allowing the
administrative server to electronically communicate with the business entity and a
communication mechanism for allowing the administrative server to electronically
communicate with a networked entity and the networked consumer. A business
registration mechanism is provided wherein the business entity can be authenticated
and a unique identifier is assigned to the business entity (BEID), whereby the
business entity is designated a registered business entity. Also provided is a
mechanism for allowing the registered business entity to selectively access
the administrative server to submit details of products and/or services provided by
the registered business entity and to view selections made by the networked
consumer, and a storage device for storing the details of products and/or services
provided by the registered business entity. In addition, a networked entity
registration mechanism is provided wherein the networked entity can be
authenticated, whereby the networked entity is designated a registered networked
entity. Further provided is a networked consumer registration mechanism whereby
a networked consumer having authorized access to a registered networked entity's
system can be designated a registered consumer and assigned a unique registered
consumer identifier (RCID), and whereby a registered consumer with a valid RCID
will be allowed access to data provided by a registered business entity and make
selections on the data, the selections being stored in the storage device of the
administrative server apparatus.

In another embodiment of the present invention, the system under the control
of a business entity facilitating a trusted transaction with a networked consumer
comprises a business entity server. Also provided is an electronic communicating
mechanism for providing the business entity server access to a server-to-server
electronic communication channel. Further provided is an authenticating system
coupled to said business entity server for facilitating an authentication process of the
business entity when said networked entity server is accessing the electronic
communication channel. Further provided is a mechanism for outputting
registration information wherein the outputting of the registration information
initiates the authentication process of the business entity, and for receiving a
business entity identifier, wherein outputting the business entity identifier allows
details of products and/or services to be outputted to the electronic communication
channel and further allows selections of products and/or services made by the
networked consumer to be received from the electronic communication channel.

In another embodiment of the present invention, a system under the control
of a networked entity facilitating a trusted transaction between a business entity and
a networked consumer, comprises a networked entity server. A system facilitates
an electronic connection of the networked entity server to a PC via a network
system. A communication mechanism is provided for providing the networked entity
server access to a server-to-server electronic communication channel. Also
provided is an authenticating system coupled to the networked entity server for
facilitating an authentication process of the networked entity when the networked
entity server is accessing the electronic communication channel. Further provided is
a mechanism for outputting networked entity registration information and for
receiving a networked entity identifier, wherein the outputting of the networked
entity registration information initiates the authentication process. Further provided
is a mechanism for allowing the networked PC to access the electronic
communication channel to output networked consumer registration information
wherein the outputting of the networked consumer registration information initiates
the authentication process of the networked entity, and for allowing the networked
PC to receive a registered consumer identifier wherein an outputting of the
registered consumer identifier allows the networked PC to receive details of
products and/or services and to make selections on the products and/or services.

BRIEF DESCRIPTION OF THE DRAWINGS 

Figure 1 is a symbolic diagram illustrating the relationships among the 
various parties using the trusted market place of the present invention. 

Figure 2 is a block diagram illustrating the overall system for implementing
the trusted market place shown in Figure 1.

Figure 3 is a block diagram illustrating another embodiment to the system
shown in Figure 1.

Figure 4 is a block diagram illustrating the mechanism for allowing
registered consumers to access the trusted market place of Figure 1 without
accessing through a networked entity.

Figure 5 illustrates the overview process flow for transacting a sale and
purchase of goods and services using the system shown in Figure 1 or 2.

Figure 6 illustrates the overview process flow for transacting a deal 
involving group benefits plan using the system shown in Figure 1 or 2. 

Figure 7 illustrates the overview process flow for establishing a trusted
communication channel between the administrator's server and a business entity or
networked entity during registration.

Figure 8 illustrates the overview process flow for establishing a trusted 
communication channel between the administrator's server and a networked 
consumer during registration. 

Figure 9 illustrates the interface for allowing a business entity to submit
details of its products and services to be offered using the present system.

Figure 10 illustrates the interface for allowing a group benefits provider to 
submit details of its group benefits plan to be offered using the present system. 

Figure 11 illustrates the interface for allowing the networked entity to view
the pre-negotiated group benefits plan details.

Figure 12 illustrates the interface for allowing the networked entity to view
the negotiated group benefits plan details.

Figure 13 illustrates the interface for allowing a group benefits provider to
configure a group benefits plan for a particular networked entity based on the
outcome of its negotiation with the networked entity.

Figure 14 illustrates the interface for allowing the registered consumers to 
view the endorsed group benefits plan details. 

Figure 15 illustrates the interface for allowing the registered consumers to
view the details of a product and/or service.

Figure 16 illustrates the interface for allowing the business entity to choose
among the several options as shown.

Figure 17 illustrates the interface for allowing the networked entity to choose 
among the several options as shown. 

Figure 18 illustrates the interface for allowing the networked consumer to 
choose between the two options as shown.

DETAILED DESCRIPTION OF THE INVENTION 

As illustrated in Figure 1, the present invention establishes a trusted market
place 5 which allows goods and services to be transacted on the Internet between
businesses and a certain type of consumers called the "networked consumers" who
can be properly authenticated without requiring each to obtain an authenticating
device. The market players are the business entities 7, the networked entities 9, and
the networked consumers 11. In this market structure, a plurality of business
entities 7 have access to the market place, and they place details of goods and/or
services to be sold on-line. The networked consumers 11 can access the market
place 5, but at least the registration must be made through the networked entities 9.
Where the goods or services being offered by a business entity 7 is a group benefits
plan, the plan is first negotiated by the networked entity 9 before it is made available
to the networked consumers 11. By accessing the market place 5, the networked
consumers 11 can purchase goods and services provided by the business entities 7,
make choices about group benefits plans, and conduct other transactions. Because
authentication is done via the networked entities 9, no authentication device or
system is needed by the networked consumers 11.

Although virtually any type of business can be part of the current system,
frequent references will be made to the transaction of group benefits plans as a way
of fully and clearly describing the present invention. However, it should be
understood by those skilled in the art that other types of businesses may utilize the
present system for transacting other types of goods and services. In general, the
business entities can be providers of virtually any goods and/or services. For
instance, they can be sellers of books, electronic products, gifts, etc. In the service
industry, the business entities can be insurance companies, banks,
telecommunications providers, etc.

The business entities which offer their goods or services as a group benefits
plan will be called the group benefits providers (GBPs). A unique characteristic of a
group benefits plan is that it is sold to and negotiated by the entity representing a
group rather than the members of the group themselves. A common example of a
traditional GBP would be insurance companies providing group coverage on life,
health, and other types of insurance to employers having a certain threshold number
of employees. The group insurance is purchased and negotiated by the company,
not its employees. The GBP, in the context of the present invention, can also be
providers of other types of services such as telecommunication companies, Internet
service providers, and banks. Moreover, the GBP can also be providers of products
such as household items, foods, electronics goods, gifts, etc. Essentially, any
business entities which can offer any service or product in exchange for an agreed
form and quantity of consideration may be deemed a GBP.

The networked entities 9 can be any entity which has a group of associated
individuals, called networked consumers 11, who are networked through a central,
secure intra-network system. Alternatively, the networked consumers may be
networked via the Internet provided certain authentication criteria are met. A
common example of a networked entity would be a corporation employing a large
number of employees who have access to a PC which is part of the company's
secure intra-network system. Other examples are educational institutions, clubs,
religious groups, or associations which provide access to their servers only to the
members who are registered with their system.

Similar to the traditional group benefits plans sold off-line, the group
benefits plans which are transacted using the present system directly benefit the
networked consumers. However, the plans are negotiated by the networked entities
on behalf of the networked consumers. The networked consumers, however, can
make certain decisions about the group benefits plans by accessing the market place
Web site through their PCs after they are properly registered with the system.

Figure 2 illustrates the preferred system 1 for implementing the market
structure shown in Figure 1. As shown, the system 1 comprises the administrator
server 13 which generally includes a server engine 14 for performing various server
functions; various databases 16; a plurality of Web pages 18 which provide the
necessary interfaces for facilitating the various transactions; and a security engine 20
which performs various security functions including the function of authenticating
the various parties accessing the server 13. In the preferred embodiment, the security
engine 20 utilizes a digital certificate authentication system where the authentication
is performed by exchanging digital certificates with the transacting parties. The
administrator's server 13 is connected via the Internet to the business entities' PCs or
servers 15 which are coupled to an authenticating system 12. The servers 19 of the
networked entities 17 are also connected via the Internet to the administrator server
13. The servers 19 of the networked entities 17 are also coupled to an authenticating
system 21. Each of the networked entities 17 has a secure intra-network system 23
which links its server 19 to its networked consumers' PCs 25.

The databases 16 store data relating to the registration and other information
relating to the business entities, networked entities, and networked consumers.
They also store the details of products and services being offered by the business
entities; the details of group benefits plans offered by the GBPs; various negotiated
and endorsed versions of the group benefits plans; the various selections made by
the business entities 11, networked entities 17, and networked consumers 25;
payment details; and other details relating to the transactions as well as the
administration of the transactions.

The intra-network system 23 may come in many forms. The most common
is a local area network (LAN) which is a short distance network used to link a group
of computers together within a building. Another type of intra-network
system is a wide area network (WAN) which is a network having a wider area
coverage than the LAN. A WAN can be used to interconnect a plurality of LANs. In
the preferred embodiment of the present system, a LAN system is used where a
password and an ID are required for access. The users of the LAN system should also
have a unique e-mail account, and the e-mail address should have a domain name
which matches that of the server 19.
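
Added example (not part of the patent text): a minimal Python model of the
consumer registration described in the Summary and of the e-mail domain check
described above, in which an RCID is issued only through a registered networked
entity. The class and function names, the NE-/RC- identifier formats, the
exact-match domain rule, and the scoping of endorsed plans to the endorsing
entity's consumers are assumptions made for illustration.

```python
import secrets


def normalize_domain(domain):
    """Lower-case a DNS name and drop surrounding spaces and a trailing dot."""
    return domain.strip().lower().rstrip(".")


def email_domain(address):
    """Return the normalized domain of an e-mail address, or None if malformed."""
    # Printable ASCII only: blocks look-alike Unicode domains and control bytes.
    if any(ord(ch) < 0x21 or ord(ch) > 0x7E for ch in address):
        return None
    # Exactly one '@', with text on both sides.
    if address.count("@") != 1:
        return None
    local, domain = address.split("@")
    if not local or not domain:
        return None
    return normalize_domain(domain)


class AdminServer:
    """Toy model of the administrator server's registration databases."""

    def __init__(self):
        self.entities = {}   # NEID -> domain of the networked entity's server
        self.consumers = {}  # RCID -> NEID that vouched for the consumer
        self.endorsed = {}   # NEID -> set of endorsed group benefits plans

    def register_networked_entity(self, server_domain):
        # Assumption: the entity was already authenticated (e.g. by digital
        # certificate) before this call; only then is an NEID issued.
        neid = "NE-" + secrets.token_hex(8)
        self.entities[neid] = normalize_domain(server_domain)
        return neid

    def endorse_plan(self, neid, plan):
        if neid not in self.entities:
            raise PermissionError("unknown networked entity")
        self.endorsed.setdefault(neid, set()).add(plan)

    def register_consumer(self, neid, email):
        # Assumption: the request arrives via the networked entity's server,
        # which has already checked the consumer's LAN ID and password.
        domain = self.entities.get(neid)
        if domain is None:
            raise PermissionError("unknown networked entity")
        # Exact match only: 'acme.example.other.test' must not pass as
        # 'acme.example', so no substring or suffix comparison is used.
        if email_domain(email) != domain:
            raise PermissionError("e-mail domain does not match entity server")
        rcid = "RC-" + secrets.token_hex(16)  # unguessable identifier
        self.consumers[rcid] = neid
        return rcid

    def plans_for(self, rcid):
        # Only a valid RCID sees plans, and only those its own entity endorsed.
        neid = self.consumers.get(rcid)
        if neid is None:
            raise PermissionError("invalid RCID")
        return sorted(self.endorsed.get(neid, ()))


def demo():
    """Run constructed sample registrations and report each outcome."""
    admin = AdminServer()
    acme = admin.register_networked_entity("Acme.Example.")
    other = admin.register_networked_entity("other.example")
    admin.endorse_plan(acme, "group-dental")
    admin.endorse_plan(other, "group-life")
    rcid = admin.register_consumer(acme, "Alice@ACME.example")
    results = {"plans": admin.plans_for(rcid)}
    rejected_cases = [  # constructed inputs that must not yield an RCID
        ("lookalike", acme, "mallory@acme.example.lookalike.test"),
        ("double_at", acme, "mallory@lookalike.test@acme.example"),
        ("unknown_entity", "NE-not-registered", "bob@acme.example"),
    ]
    for label, neid, email in rejected_cases:
        try:
            admin.register_consumer(neid, email)
            results[label] = "accepted"
        except PermissionError:
            results[label] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```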

In another embodiment, as illustrated in Figure 3, the intra-network system
23 is not required. In this embodiment, the networked consumers 27 associated
with the networked entity 17 are networked through the Internet 24, preferably via a
secure socket layer channel. Preferably, the networked entity 17 should require a
networked consumer identifier such as a login ID and password for the networked
consumers 27 to be able to access the server 19, and the login ID and the password
should be provided to the networked consumers 27 in a secure manner. It is further
preferred that the networked consumers 27 have a certain relationship with the
networked entity which requires the networked consumer to be authenticated to the
networked entity.

For example, a networked consumer who is networked via the Internet can
be an account holder of a bank where the bank provides a Web portal (or a Web
page) which is only accessible by account holders. In this situation, the account
holders are bound to be well authenticated because banks typically require some
authentication before an account can be opened. Moreover, if the bank were to have
a Web portal which allows the account holder to make bank transactions through the
Internet, unique identifiers are typically provided which may comprise particulars
such as account number, account name, pin number (or password), etc. These
particulars are typically provided to the account holder in a secure way such as in
person or by mail.

Although in the embodiments shown in Figures 2 and 3 the business entities
11 utilize an authenticating system 12, in another embodiment of the present
invention, the business entities 11 are not required to have an authenticating system,
or at least only an option is given to the business entities 11 to have such a system.
In the embodiment where an authenticating system is not used, the authentication is
performed offline by the operators of the administrative server 13. Various offline
authentication methods are possible, and are generally well known to those skilled
in the art. For instance, the operator may call the business entities, research them
through public records, or visit the business entities' sites. Other methods are
clearly possible. In yet another embodiment, no formal authentication is performed
at all.

The confidentiality aspect of the security in the preferred embodiment of the
present invention is addressed by deploying the well known and well utilized 2-way
secure socket layer (SSL) channel 22 between the business entity PC or server 15
and the administrator's server 13. The 2-way SSL channel is also used in the
communication between administrator's server 13 and the networked entity's server
19. In the preferred embodiment, asymmetric 2-way 40-bit/128-bit encryption is
used. Although the use of an SSL channel is preferred, it should be understood that
it is possible to implement the present system without employing the SSL channel,
or with a channel employing other types of security technologies.

At least for certain types of transactions between the administrator 13 and
the various parties, i.e., business entities, networked entities, and networked
consumers, the authenticating systems 12 and 21 are used to authenticate the
business entities and the networked entities, respectively. In the preferred
embodiment, the authenticating systems 12 and 21 employ the digital certificate
authentication protocol which is generally well known to those skilled in the art.
Generally, the digital certificate authentication process entails each of the
transacting parties obtaining a digital certificate (which is basically an encrypted file
containing information about the owner of the certificate) from a certificate
authority before any transaction is conducted. When a trusted transaction needs to
be performed, the transacting parties electronically exchange the certificates, and
after authenticating that the certificate is genuine, read the contents of the
certificate to verify the identity of the certificate owner.

A general overview of the methodology employed in facilitating a trusted 
sale of a product or service using the system 1 of Figure 2 or system 3 of Figure 3 is 
shown in Figure 5. In step 30, the business entity first registers with the 
administrator preferably by accessing the administrator's Web site and entering the
requested information. In step 35, once the business entity is properly registered, the
business entity submits the details of the products and/or services to be sold to the
networked consumers so that they may be published on the administrator's Web site.
In step 40, the networked entity registers itself with the administrator. In step 45,
the networked consumer registers himself at the administrator's Web site. Once
properly registered, in step 50, the registered consumer accesses the administrator's
Web site, and makes selections of the goods and services he or she wishes to
purchase. In step 55, a payment for the goods and/or services is made or arranged to
be made. In step 60, the business entity delivers the selected product or performs
the service.

In the case where the product or service being offered is a group benefits 
plan, the general methodology is a little different, and is shown in Figure 6. 
Referring to Figure 6, in step 80, the group benefits provider (GBP) first develops a 
general group benefits plan. Multiple plans may be created to suit the needs of
different customers. In step 85, the GBP registers with the administrator preferably
by accessing the administrator's Web site and entering the requested information. In
step 90, once the GBP is properly registered, the GBP submits the details of the
plans it has developed so that they may be published on the administrator's Web site
for viewing by the networked entities. The networked entities, to be able to access
the Web page containing the details of the plans, must first register with the
administrator which is performed in step 95. After a successful registration, in step
100, the networked entity accesses the administrator's Web site and obtains the
details of the group benefits plans submitted by the GBP. In step 105, the
networked entity (most likely through its human resource personnel) contacts the
GBP and negotiates a group benefits plan which is customized for its networked
consumers. When a consensus is reached, the customized group benefits plan is 
endorsed by the networked entity. 

Still referring to Figure 6, in step 110, the details of the endorsed group 
benefits plan are made available on the administrator's Web site. In step 115, the
networked entity informs its networked consumers of the group benefits plan.
Various methods may be employed for relaying the message to the employees,
including e-mails, inter-office memorandums, brochures, telephone calls, etc. In
step 120, the networked consumer registers himself at the administrator's Web site.
Once properly registered, in step 125, the networked consumer accesses the
administrator's Web site, and makes selections specific to the needs and wants of the
individual networked consumer. In step 130, the GBP fulfills its obligations
(whether they be performance of service or delivery of goods) made under the group
benefits plan. In step 135, the networked entity makes a payment to the GBP. 

To ensure that the networked entity's server 19 properly interfaces with
administrator's server 13, some configuration of the networked entity's system may
initially be needed by the personnel of the administrator 13. In the preferred
embodiment, a custom Web page is provided in the networked entity's server 19
which its networked consumers 25, 27 must access before being re-routed to the
administrator's server 13. This would ensure proper control of the access to the
administrator's Web pages 18 by the networked consumers 25, 27 so that no
unauthorized actions on behalf of the networked entity 17 are performed by the
networked consumers 25, 27. The configuration may include providing special
access for the PCs being used by the network entity's representative. This could be
accomplished, for instance, by setting a cookie in the PCs and thus future access
instances by the networked entity's representative are checked to have been done
from the specified PCs. The setting and checking of the cookies, thus, tightens the
security around the access by the networked entity's representative. Alternatively,
or in conjunction with the setting of the cookies, a special access code may be
provided to the network entity's representative to allow him/her to access the Web
pages (whether located on the networked entity's server 19 or the administrator
server 13) to perform the various administrative functions, e.g., registration of the 
networked entity, on behalf of the networked entity. 

The registration of the business entity 11 and the networked entity 17 in 
steps 85 and 95 of Figure 6, respectively, is performed on a trusted communication
channel. Figure 7 illustrates the preferred methodology for registering the business
entity and the networked entity on a trusted communication channel between the
business entity PC or server 15 and the administrator's server 13, and between the
networked entity's server 19 and the administrator's server 13. Referring to Figure
7, in step 150, the business entity or networked entity accesses the administrator's
Web site and selects 'Registration'. The security engine 20 of the administrator's
server 13 authenticates the business entity or networked entity by exchanging the
digital certificates via the authenticating devices 12 and 21. In step 160, when the
digital certificate is received, the security engine 20 reads the name of the owner of
the certificate, and if the digital certificate is sent by a server, then the domain name
of the server. If the digital certificate is authenticated, the administrator server
allows the business entity or networked entity to register in step 165. In step 170,
the business entity or networked entity enters its particulars which include the
e-mail address of the contact person. The e-mail address serves as the login ID for the
business entity or the networked entity. If applicable, a check is performed in step
175 to ensure that the domain name of the entered e-mail matches that found in the
digital certificate, and that the e-mail address is still valid. In step 180, the
administrator e-mails to the business entity or networked entity a password. All of 
the entered information is properly stored in the databases and classified under the 
respective parties.

Because each business entity and networked entity has an authenticating
system, e.g., digital certificate system, authenticating the business entity and the
networked entity is a straightforward process. On the other hand, authenticating
each of the networked consumers is not as straightforward because the networked
consumers' PCs do not individually have an authenticating system. Figure 8,
therefore, illustrates the general methodology for establishing a trusted
communication channel between the administrator server 13 and the networked
consumers' PCs 25 during the registration of the networked consumer.

Referring to Figure 8, in step 200, the networked consumer uses his
networked PC to log into the networked entity's intra-network system or the
Internet. In step 205, the networked consumer accesses a specified Web page
provided by the networked entity's server, which in most cases, will be custom
developed by the operating personnel of the administrator server, and selects
'Registration'. For those networked consumers using the Internet, an entry of proper
login ID and/or password may be required. In step 210, the networked entity's Web
page redirects the networked consumer to administrator's registration Web page. In
step 215, the administrator authenticates the networked entity's server by
exchanging the digital certificates and authenticating the one sent by the networked
entity's server. The administrator also reads the name of the owner of the certificate
and the domain name of the server which sent the certificate. In step 220, if the
networked entity's server is properly authenticated, then the administrator allows the
networked consumer to register. In step 225, the networked consumer enters his/her
particulars including his/her e-mail address which will serve as his/her login ID. In
step 230, if the networked consumer is part of an intra-network system, the
administrator checks the entered e-mail address to ensure that the domain name
matches that which was read from the digital certificate. The administrator checks
to make certain that the e-mail is still valid using one of several commonly available
techniques. In step 235, the administrator e-mails to the networked consumer his/her
password. All of the entered information is properly stored in the databases. The
registration process is now completed, and the registered networked consumer will
be able to access the administrator's server using the login ID and password. 
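
The domain check of step 175 (Figure 7) and step 230 (Figure 8) can be sketched as follows. This is an added example, not code from the patent: it assumes the certificate has already been validated and is available as a dict shaped like the output of Python's `ssl.SSLSocket.getpeercert()`, and the function names, the parent-domain rule, the wildcard handling and the sample suffix set are all assumptions made for illustration.

```python
"""Added example: e-mail domain vs. certificate domain (steps 175 and 230)."""
from typing import Optional, Set

# Constructed stand-in for a public-suffix list; a deployment would load a real one.
SAMPLE_PUBLIC_SUFFIXES = frozenset({"com", "example", "co.example"})

# Constructed certificate data, shaped like ssl.SSLSocket.getpeercert() output.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Corp"),),
                (("commonName", "intranet.corp.example"),)),
    "subjectAltName": (("DNS", "intranet.corp.example"), ("DNS", "corp.example")),
}
SAMPLE_CN_ONLY_CERT = {"subject": ((("commonName", "www.corp.example"),),)}


def normalize_domain(name: str) -> Optional[str]:
    """Lower-case, drop one trailing dot, IDNA-encode; None if not a valid name."""
    name = name.strip().lower()
    if name.endswith("."):
        name = name[:-1]
    if not name:
        return None
    try:
        return name.encode("idna").decode("ascii")
    except UnicodeError:  # empty or over-long label, or un-encodable characters
        return None


def email_domain(address: str) -> Optional[str]:
    """Return the normalized domain of an address, or None if it is malformed.

    Exactly one '@' is required, so an input such as
    'a@corp.example@other.example' cannot choose which part is compared.
    (This also rejects quoted local parts containing '@', which is conservative.)
    """
    address = address.strip()
    if address.count("@") != 1 or any(ch.isspace() for ch in address):
        return None
    local, domain = address.split("@")
    return normalize_domain(domain) if local else None


def cert_dns_names(cert: dict) -> Set[str]:
    """DNS names from subjectAltName; commonName only if no DNS SAN is present."""
    raw = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not raw:
        raw = [v for rdn in cert.get("subject", ())
               for k, v in rdn if k == "commonName"]
    return {n for n in map(normalize_domain, raw) if n}


def domain_matches_certificate(address: str, cert: dict,
                               allow_parent: bool = True,
                               public_suffixes=SAMPLE_PUBLIC_SUFFIXES) -> bool:
    """True if the e-mail domain matches a name in the (already validated) cert.

    Assumed policy: accept an exact match, or (if allow_parent) a certificate
    host that lies *under* the e-mail domain, compared on a label boundary.
    A leading wildcard label in the certificate name is ignored.
    """
    domain = email_domain(address)
    if domain is None or domain in public_suffixes:
        return False
    for name in cert_dns_names(cert):
        host = name[2:] if name.startswith("*.") else name
        if domain == host:
            return True
        # The "." prefix forces a label boundary: 'evilcorp.example' must not
        # match just because it ends with the characters 'corp.example'.
        if allow_parent and host.endswith("." + domain):
            return True
    return False
```

The parent-domain rule is only as strong as the suffix list behind it: with an empty list, an address such as `bob@example` would match every certificate issued under `.example`.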

After the registration process, the networked consumers 25, 27 are presumed 
to be authenticated. In doing so, some reliance is placed on the networked
consumers' ability to access the secure intra-network system 23, or in the case of
networked consumers using the system 3, the networked consumers' ability to
access the Web site of the networked entity using the login ID and password 
provided by the networked entity. 

Once the networked consumers have been properly registered with the 
administrator's system 13, the "registered consumers" need not go through the
networked entity 17 to access the administrator's Web sites 18, though the access
through this method is certainly still possible. Figure 4 illustrates a system 2 which
allows the registered consumers 26 to directly access the administrator's Web pages
18. As shown, the registered consumers' PCs 26 are now directly connected to the
administrator's server 13 via the Internet preferably through an SSL channel. By
providing the correct login ID and password which are assigned to the registered
consumer 26, the registered consumers 26 are now able to access the administrator's
Web pages 18 and make choices on purchases of goods and services and on group
benefits plans. 

It should be understood that the term "registered consumer" will generally
refer to any networked consumer who is properly registered with the administrator
13, and not necessarily to those that are accessing the administrator's server 13 via
the system 2 shown in Figure 4, i.e., access without going through a networked
entity. Registered consumers can equally access the administrator's server 13 via
the system 1 shown in Figure 2 or the system 3 shown in Figure 3. Also, the term
"networked consumer" generally refers to a consumer who is properly networked 
with a networked entity whether via the network shown in Figure 2 or Figure 3, and, 
unless otherwise stated or implied, does not necessarily define or imply anything 
about the consumer's registration status or network status.

The submission of the details of the products or services in step 35 of Figure
5 or group benefits plans in step 90 of Figure 6 is accomplished through an
interface, a Web page, provided on the administrator's Web site. To access this
Web page, the business entity accesses the home page of the administrator's Web
site which asks the user to choose among three choices: 1) Goods and Services
provider; 2) Networked Entity; and 3) Networked Consumer. The business entity
would choose item 1). The business entity would then be required to enter its login
ID and its password. The login ID would be the e-mail address of the contact person
the business entity had entered during its registration. Multiple IDs corresponding
to several contact persons may be allowed. The password is the one which was sent
by the administrator to the contact person's e-mail address. The administrator
matches the entered login ID and the password against its record in the databases 16,
and if a proper match is found, then the administrator allows the business entity to
access the next Web page 600 of Figure 16 which provides the business entity a
choice of the following:

1. Submit Details of Products/Services

2. Submit Details of Group Benefits Plan

3. Configure the Group Benefits Plan

4. See the List of Submitted Products/Services or Group Benefits Plans

5. View the List of Selected Products/Services 

6. View the List of Selected Group Benefits Plans 

Generally, choosing item 1, 605, allows the business entity to submit details
about general products and/or services which are not part of a group benefits plan
and which do not need to be negotiated with the networked entity before being made
available to networked consumers. Choosing item 2, 610, allows the business entity
to submit details about group benefits plans which do need to be negotiated with the
networked entity. Choosing item 3, 615, allows the business entity to configure a
plan to meet the terms as negotiated with the networked entity. Choosing item 4,
620, allows the business entity to see a list of submitted details for all
products/services and group benefits plans. Choosing item 5, 625, allows the
business entity to see a list of products/services which have been selected for
purchase by the networked consumers. Choosing item 6, 630, allows the business
entity to see a list of group benefits plans which have been negotiated and/or 
endorsed by the networked entity, and the endorsed group benefits plans which have 
been selected by the networked consumers. 

When any of the above choices are selected, the business entity is shown a
list of industries such as insurance, banking, telecommunications, etc. one of which
the business entity selects. If item 1, 605, above is selected, then the business entity
is shown the Web page 245 as illustrated in Figure 9. Although, in this case, the
telecommunication industry was chosen, the interfaces for the other industries are
generally the same. The Web page 245 basically comprises a field for the
product/service 250, price 255, detailed description of the product/service 260, and
optionally, the market value of the product/service 265. The field 250 requires an
input of the name of the product/service. The field 255 requires an input of the
price the business entity is charging for the product/service. Presumably, the price
may be discounted from the normal market price since the payment default rate will
be lower due to the authentication feature provided by the present system. The field
260 requires an input of the detailed description of the product/service. The field
265, if provided, requires an input of the price of the product/service being offered
in the market without a discount. The particulars of additional products/services
may be entered by selecting the "Next" 270 option at the bottom of the Web page
245. All of the entered information is stored in the databases 16 and properly
categorized under the respective business entities and industries. Moreover, each of
the products/services is assigned a unique Product/Service Identifier 
(Product/Service ID) which is also stored in the databases 16. 

Figure 10 illustrates the Web page 295 that appears when item 2 above is
selected by the business entity. Although, in this case, the insurance industry was
chosen, the interfaces for the other industries are generally the same. The Web page
295 basically comprises a field for the title of the group benefits plan 300, price 305,
detailed description of the plan 310, and optionally, the market value of the plan
315. The field 300 requires an input of the name of the group benefits plan. The
field 305 requires an input of the price the business entity is charging for the group
benefits plan. Presumably, the price may be discounted from the normal market
price since the payment default rate will be lower due to the authentication provided
by the present system. The field 310 requires an input of the detailed description of
the plan. The field 315, if provided, requires an input of the price of the plan being
offered in the market without a discount. The particulars of additional plans may be
entered by selecting the "Next" 320 option at the bottom of the Web page. All of the 
entered information is stored in the databases 16 and properly categorized under the 
respective business entities and industries. Moreover, each of the plans is assigned 
a unique Plan Identifier (Plan ID) which is also stored in the databases 16. 

In addition to the information described above, the Web page 295 of Figure
10 may provide "advertisements" in an attempt to "cross-sell" or "up-sell" some of
its other goods or services which may or may not be part of the plan. For instance,
take a situation where the group benefits plan involves a basic mobile phone service
where a monthly fee is charged. The basic service includes 120 minutes for "free"
(i.e., no additional per-minute charges) but voice mail is not included. As a
"cross-sell", the business entity may provide information about mobile phones, or other
products related to a mobile phone subscription service. As an "up-sell", the
business entity may provide information about a plan that includes unlimited
minutes for free and a voice mail service. Alternatively, the Web page 295 may
simply provide a hyperlink to another Web page which provides the information
about cross-sell and up-sell products.

When the item 3, 615, above is selected, the business entity is shown a Web 
page 395 of Figure 13 which allows the business entity operator to configure a 
group benefits plan to meet the specific needs and wants of a particular networked
entity. The details of this plan configurator are shown and described further below.

When the item 4, 620, is selected, the business entity operator is shown a list
of the submitted products/services and group benefits plans. By selecting an item
on the list, the business entity is shown the details of the submitted information
relating to the chosen product/service or group benefits plan. An option may be
provided to allow the business entity to make changes to the listing or add additional
products/services or plans. 

For the items which were entered from the Web page 245 shown in Figure 9, 
they are immediately provided for viewing and for purchase to the networked 
consumer because generally no negotiations are needed between the business entity 
operator and the networked entities. On the other hand, the group benefits plans
which were entered from the Web page 295 shown in Figure 10 must first be
endorsed by a networked entity before they are available to the networked
consumers. Therefore, the pre-negotiated versions of the plans are only available
for viewing by the networked entities.

To access these pre-negotiated plans, the networked entity accesses the home
page of the administrator's Web site which asks the user to choose among three
choices: 1) Goods and Services provider; 2) Networked Entity; and 3) Networked
Consumer. The networked entity would choose item 2). The business entity would
then be required to enter its login ID and its password. The login ID would be the
e-mail address of the contact person the networked entity had entered during its
registration. The password is the one which was sent by the administrator to the
contact person's e-mail address, though it may be changed later by the user. The
administrator matches the entered login ID and the password against its records in
the databases 16, and if a proper match is found, then the administrator allows the
networked entity to access the next Web page 650 of Figure 17 which provides the
networked entity a choice of the following: 

1. View the List of Products/Services

2. View the List of Pre-Negotiated Group Benefits Plans

3. View the List of Negotiated Group Benefits Plans

4. View the List of Endorsed Group Benefits Plans

When any of the above choices are selected, the networked entity is shown a 
list of industries such as insurance, banking, telecommunications, etc. one of which 
the networked entity selects. If item 1, 655, is selected, then the networked entity is
shown a list of business entities which have submitted details of products/services
under the industry chosen. This list is generally available to any networked entity
registered with the system and is not specific to any one particular networked entity.
The list is also available to any registered networked consumers from any registered
networked entity.

If item 2, 660, is selected, then the networked entity is shown a list of 
business entities which have submitted details of group benefits plans under the 
industry chosen which have not been negotiated or endorsed by the networked 
entity. This list is generally available to any networked entity registered with the 
system and is not specific to any one particular networked entity.

If item 3, 665, is selected, then the networked entity is shown a list of 
business entities that have submitted details of group benefits plans under the 
industry chosen which have been negotiated by the parties and configured by the
business entity, but which have not been "endorsed" by the networked entity. This
list is specific to the particular networked entity making the selection, and is not
available to the other networked entities or any of the networked consumers. 

If item 4, 670, is selected, then the networked entity is shown a list of 
business entities that have submitted details of group benefits plans under the 
industry chosen which have been "endorsed" by the networked entity. This list is
specific to the particular networked entity making the selection, and is not available
to the other networked entities, but is made available to the networked consumers
belonging to the networked entity that has endorsed the plans.

Assuming now that the networked entity has chosen item 2, 660, (View the 
List of Pre-Negotiated Group Benefits Plans), and chosen an industry, e.g.
telecommunication, the networked entity is shown a list of group benefits providers
(GBPs) that have provided details of group benefits plans. When a particular GBP
is chosen off the list, the networked entity is shown a Web page 340 as illustrated in
Figure 11 (including some sample data for illustrative purposes only). The Web
page provides in general the plan ID 345, here 1234567XYZ; the industry 350, here
telecommunications; the name and contact information of the provider 355, here
XYZ Telecommunication Company (no sample contact particulars); the title of the 
plan 360, here Plan X; the price of the plan 365, here $50/mo.; the detailed 
description of the plan 370 (no sample data provided); and the market value of the 
plan 375 (if provided by the provider) here $70/mo. 

If the networked entity is interested in the plan, the networked entity
(through its human resources manager or other representative) contacts the GBP and
negotiates and customizes the plan to meet the needs and wants of the networked
entity on behalf of its networked consumers. Typically, the negotiated terms may
involve price where further discount may be requested by the networked entity. If
the details of the plan itself need to be modified, the GBP may have to create a new
plan and submit it to the system. 

When the terms and conditions have been reached, the business entity 
accesses the Web page 600 of Figure 16 and selects item 3, 615. The business 
entity is shown a list of the pre-negotiated group benefits plans it had submitted.
The business entity selects the plan which had been the topic of the negotiation.
When selected, a plan configurator interface is shown as illustrated in Figure 13.
The plan configurator page 395 includes the basic information relating to the plan in
its pre-negotiated form including the plan ID 400, the industry 405, provider/contact
info. 410, plan title 415, price of plan 420, detailed description of the plan, market
value of the plan 435. The data for the heading Price of Plan 420 is provided within
a modifiable field 425. Generally, most of the data provided is not modifiable 
except that which is provided in a field. The configurator, thus, allows the business 
entity to change the figure in the Price of Plan data field 425 to reflect the negotiated 
price.

The configurator further includes the heading Negotiated Party's ID 440 and
a field 445 for entering the information. In this field 445, the business entity enters
the identifier for the networked entity whom it had negotiated the plan with. Once
all of the information has been entered and reviewed, the heading Submit 450 is
chosen.

When the information is submitted, it is deemed to have been negotiated 
(but not yet endorsed) which can now be viewed by the networked entity by 
choosing the option 3, 665, "View the list Negotiated Group Benefits Plans" of 
Figure 17. This option allows the networked entity to view the list of all of the
group benefits plans which have been negotiated by the networked entity. Note that
several GBPs may have submitted negotiated plans which are available for the
networked entity's choosing. Once the networked entity has had an opportunity to
review all of the negotiated plans, it can endorse the plan or plans which best meet
its requirements. Because this list is specific to each networked entity, it is only
available for viewing for the networked entity having the identifier which matches
the one entered by the business entity in Figure 13 when the authentication process
is performed. 
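
The visibility rules given above for the pre-negotiated, negotiated and endorsed lists amount to a per-plan access check keyed on the authenticated party's identifier. The following added example (not part of the patent; the class names, role strings, provider identifier and consumer names are assumptions) enforces those rules and the endorse transition on the server side, using the document's sample plan ID 1234567XYZ and networked entity identifier 45678LMO.

```python
"""Added example: object-level access checks for the three plan lists."""
from dataclasses import dataclass, replace
from enum import Enum
from typing import List, Optional


class PlanState(Enum):
    PRE_NEGOTIATED = 1   # submitted by the GBP, not configured for any entity
    NEGOTIATED = 2       # configured for one networked entity (field 445)
    ENDORSED = 3         # that networked entity has selected "Endorse"


@dataclass(frozen=True)
class Principal:
    """Identity taken from the authenticated session, never from request data."""
    role: str                        # "business", "entity" or "consumer"
    party_id: str
    entity_id: Optional[str] = None  # consumers only: their networked entity


@dataclass(frozen=True)
class Plan:
    plan_id: str
    provider_id: str
    state: PlanState
    negotiated_party_id: Optional[str] = None  # None while pre-negotiated


def can_view(who: Principal, plan: Plan) -> bool:
    """Apply the list visibility rules to a single plan record."""
    if who.role == "business":
        # Assumption: a provider sees only the plans it submitted itself.
        return plan.provider_id == who.party_id
    if who.role == "entity":
        if plan.state is PlanState.PRE_NEGOTIATED:
            return True  # open to any registered networked entity
        return (plan.negotiated_party_id is not None
                and plan.negotiated_party_id == who.party_id)
    if who.role == "consumer":
        # The None guard stops an unaffiliated consumer from matching a
        # record whose negotiated party was never filled in.
        return (plan.state is PlanState.ENDORSED
                and who.entity_id is not None
                and plan.negotiated_party_id == who.entity_id)
    return False  # unknown roles see nothing


def visible_plans(who: Principal, plans: List[Plan]) -> List[Plan]:
    """Filter a list on the server before it is rendered for this principal."""
    return [p for p in plans if can_view(who, p)]


def endorse(who: Principal, plan: Plan) -> Plan:
    """Convert a negotiated plan into an endorsed one for its own entity only."""
    if who.role != "entity" or plan.negotiated_party_id != who.party_id:
        raise PermissionError("plan was not negotiated with this networked entity")
    if plan.state is not PlanState.NEGOTIATED:
        raise ValueError("only a negotiated plan can be endorsed")
    return replace(plan, state=PlanState.ENDORSED)


def sample_plans() -> List[Plan]:
    """Constructed records: one plan before and after configuration."""
    return [
        Plan("1234567XYZ", "GBP-XYZ", PlanState.PRE_NEGOTIATED),
        Plan("1234567XYZ", "GBP-XYZ", PlanState.NEGOTIATED, "45678LMO"),
    ]
```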

When the networked entity is ready to endorse a plan or plans, it selects 
option 3, 665, "View the list Negotiated Group Benefits Plans" of Figure 14, and 
selects one of the plans shown on the list. The networked entity is then shown the
Web page 900 of Figure 12 (including some sample data for illustrative purposes
only). The Web page 900 provides in general the networked entity identifier 905,
here 45678LMO; plan ID 910, here 1234567XYZ; the industry 915, here
telecommunications; the name and contact information of the provider 920, here
XYZ Telecommunication Company (no sample contact particulars); the title of the
plan 925, here Plan X; the negotiated price of the plan 930, here $40/mo.; the
detailed description of the plan 935 (no sample data provided); and the market value
of the plan 940 (if provided by the provider) here $70/mo. Additionally, the Web
page 900 is provided with the heading "Endorse" 945 which, when selected,
converts the negotiated plan into an endorsed plan.

After a group benefits plan has been endorsed by the networked entity, the
registered consumers 26 are able to make decisions on the plan. To access the Web
page showing the endorsed plan, the registered consumer accesses the home page of
the administrator's Web site which asks the user to choose among three choices: 1)
Goods and Service provider; 2) Networked Entity; and 3) Consumer. The registered
consumer would choose item 3). The registered consumer 26 would then be
required to enter its login ID and its password. The login ID would be the e-mail
address the registered consumer had entered during its registration. The password is
the one which was sent by the administrator to the registered consumer's e-mail
address, though an option may be provided to later change the password. The
administrator matches the entered login ID and the password against its record in the
databases 16, and if a proper match is found, then the administrator allows the
registered consumer to access the next Web page 700 of Figure 18 which provides
the business entity a choice of the following:

1. View the List of Products and Services

2. View the List of Endorsed Group Benefits Plans

C3 When either of the above choices is selected, the registered consumer is 

shown a list of industries such as insurance, banking, telecommunications, etc. one
of which the registered consumer selects. If item 1, 705, is selected, then the
registered consumer is shown a list of business entities which have submitted details
of products/services under the industry chosen. This list is generally available to any
registered networked entity 17 and registered consumers and is not specific to any
one particular party.

If item 2, 710, is selected, then the registered consumer is shown a list of 
group benefits plans under the industry chosen which have been endorsed by the 
networked entity. This list is specific to the particular networked entity which the 
registered consumer is a member of, and is not available to the registered consumers
that belong to other networked entities.

Assuming now that the registered consumer has chosen item 2, 710, (View
the List of Endorsed Group Benefits Plans), and chosen an industry, e.g. 
telecommunication, the networked entity is shown a list of group benefits providers 
(GBPs) that have provided details of group benefits plans. When a particular GBP 
is chosen off the list, the networked entity is shown a Web page 490 as illustrated in
Figure 14 (including some sample data for illustrative purposes only). This page
can also be viewed by the networked entity by choosing item 4, 670, on the Web
page 650 of Figure 17. The Web page 490 provides in general the networked entity
identifier 495, here 45678LMO; plan ID 500, here 1234567XYZ; industry 505, here
telecommunications; the name and contact information of the provider 510, here
XYZ Telecommunication Company (no sample contact particulars); the title of the
plan 515, here Plan X; the price of the plan 520, here $40/mo.; the detailed
description of the plan 525 (no sample data provided); and the market value of the
plan 530 (if provided by the provider) here $70/mo. Additional information may be
obtained by selecting the "More Information" 535 option which may be hyperlinked
to the business entity's own Web page. If the registered consumer wishes to sign
onto the plan, the "Accept" 540 option is chosen. For each registered consumer who
chooses to sign onto a group benefits plan, the details of the transaction including
the identity of the consumer, the plan ID, date, etc. are stored in the databases 16
and properly catalogued for retrieval.

If on the other hand, the registered consumer has chosen item 1, 705, (View 
the List of Products and Services) of Figure 18, and chosen an industry, e.g.
telecommunication, the networked entity is shown a list of business entities that
have provided details of products and services. When a particular business entity is
chosen off the list, the networked entity is shown a Web page 545 as illustrated in
Figure 15 (including some sample data for illustrative purposes only). The Web
page 545 provides in general the product/service identifier (ID) 550, here
7654321JKL; industry 555, here telecommunications; the name and contact
information of the provider 560, here XYZ Telecommunication Company (no
sample contact particulars); the name of the product or service 565, here mobile
phone Model Z; the price of the product/service, here $100; the detailed description
of the product/service (no sample data provided); and the market value of the
product/service 580 (if provided by the provider) here $120. Additional information
may be obtained by selecting the "More Information" 585 option which may be
hyperlinked to the business entity's own Web page which describes the
product/service in greater detail. If the registered consumer wishes to purchase the
product/service, the "Add to Shopping Cart" 590 option is chosen. When the "Add
to Shopping Cart" 590 option is chosen, the product/service ID 550 is temporarily
stored in a temporary storage area of the databases 16, until the purchase is
confirmed by the consumer.

Once the selections of products/services and/or group benefits plans have 
been made by the networked consumers, the business entity needs to deliver the 
chosen products or perform the chosen services, and also to invoice the transactions, 
if necessary. To view the list of products and/or services chosen by the networked
consumers, the business entity chooses item 5, 625, from the Web page 600 of
Figure 16. This option shows a list of the registered consumers that have selected a
product/service for purchase. The list can alternatively be viewed by the
products/services chosen rather than by consumers. For each of the items on the
list, the details of the transaction are provided which can include the date,
purchased price, product/service identifier, networked consumer identifier,
associated networked entity identifier, number of units purchased, etc. The
information can be linked to an invoicing system such that the purchased items may
be invoiced to the consumer making the purchase. Alternatively, the invoice may be
sent to the associated networked entity if the payment is to be made through a
special account the networked consumer has with the networked entity.

To view the selections made on the group benefits plans, the business entity 
selects item 6, 630, from the Web page 600 of Figure 16. This selection shows the 
following choices: 

1. View the List of Negotiated Group Benefits Plans

2. View the List of Endorsed Group Benefits Plans

3. View the List of Selected Group Benefits Plans

Choosing item 1 above shows a list of the group benefits plans which have been
negotiated with the various networked entities, and which have been configured by
the business entity. The business entity will have access to all of the group benefits
plans belonging to the various networked entities which the business entity took
part in. When one of the negotiated group benefits plans is selected, the business
entity is shown the Web page 900 of Figure 12.

Choosing item 2 above shows a list of the group benefits plans which have
been endorsed by the various networked entities. When one of them is selected, the
business entity is shown the Web page 490 of Figure 14. 

Choosing item 3 above shows a list of the registered consumers that have 
selected a group benefits plan. The list can alternatively be viewed by the group
benefits plans chosen. For each of the items on the list, the details of the transaction
are provided which can include the date, purchased price, group benefits plan
identifier, networked consumer identifier, associated networked entity identifier, etc.
The information can be linked to an invoicing system such that the plans may be 
invoiced to the associated networked entity. 
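
The viewing rules described above for the negotiated and endorsed lists can be expressed as a deny-by-default check keyed on the identifier established at login. The following Python code is an added example, not part of the original disclosure; the class and function names and the identifiers XYZ-TELECOM, ENTITY-B and PLAN-B are assumptions, while 45678LMO and 1234567XYZ are the sample values used in the text.

```python
from dataclasses import dataclass

NEGOTIATED, ENDORSED = "negotiated", "endorsed"

@dataclass(frozen=True)
class Principal:
    role: str            # "business", "entity" or "consumer"
    ident: str           # identifier matched at login
    entity_id: str = ""  # consumers only: the networked entity they belong to

@dataclass
class Plan:
    plan_id: str
    business_id: str     # provider that configured the plan
    entity_id: str       # networked entity the plan was negotiated with
    state: str = NEGOTIATED

def can_view(p: Principal, plan: Plan) -> bool:
    """Deny by default; each role sees only plans tied to its own identifier."""
    if p.role == "business":   # plans the business entity took part in
        return plan.business_id == p.ident
    if p.role == "entity":     # plans negotiated with this networked entity
        return plan.entity_id == p.ident
    if p.role == "consumer":   # endorsed plans of the consumer's own entity
        return plan.state == ENDORSED and plan.entity_id == p.entity_id
    return False

def visible_plans(p: Principal, plans: list, state: str) -> list:
    """Build the negotiated or endorsed list as seen by principal p."""
    return [pl.plan_id for pl in plans if pl.state == state and can_view(p, pl)]

def endorse(p: Principal, plan: Plan) -> None:
    """Only the networked entity the plan belongs to may select 'Endorse'."""
    if p.role != "entity" or plan.entity_id != p.ident:
        raise PermissionError("plan belongs to another networked entity")
    if plan.state != NEGOTIATED:
        raise ValueError("plan is not in the negotiated state")
    plan.state = ENDORSED

def sample_plans() -> list:
    """Constructed sample data; only the first plan's IDs come from the text."""
    return [Plan("1234567XYZ", "XYZ-TELECOM", "45678LMO"),
            Plan("PLAN-B", "XYZ-TELECOM", "ENTITY-B")]
```

The check is applied when each list is built, so a consumer belonging to another networked entity receives an empty list rather than an error that would confirm the plan exists.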

A number of payment schemes are possible. In the preferred embodiment, the
payment of the group benefits plan is made by the networked entities and it follows
the customary offline invoicing procedure of the networked entity 17. In one
embodiment, the networked entity 17 is billed on a monthly basis. The payment is
based on the number and type of group benefits plans signed on by the networked
consumers, the details of which are provided along with the invoice. The details of
the transactions can also be made available on the administrator's Web pages 18,
which can be accessed by the networked entity 17 having the proper login ID and
password. Alternatively, the payment may be made on-line using any of the
available on-line payment systems such as a secure credit card payment system
which are well known to those skilled in the art.

For the purchases of products/services made by the networked consumers
25, the payment can be made either directly by the consumer 25 or via the 
networked entity's account. Where the payment is made directly by the consumer 
25, it may be made using any of the available on-line payment systems such as a 
secure credit card payment system. Alternatively, the consumer 25 may be billed
offline. Where the payment is made through the networked entity's account, the
payment is made using one of the payment schemes described above for the
networked entity, and the amount is charged to the networked consumer's account
with the networked entity, if any exists, or deducted from the networked consumer's
salary if the networked consumer is an employee of the networked entity.
Furthermore, if the group benefits plan is only partially subsidized by the networked
entity, the payment may also be made either directly by the consumer or via the
consumer's account with the networked entity where the consumer is credited with
the subsidy. Alternatively, the networked entity may make the payment, and the
networked consumer is responsible for paying the difference between the price and
the subsidy, or this amount is charged to the consumer's account with the networked
entity. 

The present invention may be embodied in other specific forms without 
departing from the spirit or essential characteristics thereof. For instance, although 
here it was described that an e-mail address and a password were used as an
identifier for uniquely identifying a business entity, networked entity, and a
networked (or registered) consumer, it should be understood, that other forms of
identifier or identifiers may be used so long as they perform the same function as
that which is shown and described herein. The presently disclosed embodiments are,
therefore, to be considered in all respects as illustrative and not restrictive, the scope
of the invention being indicated by the appended claims and all changes which come 
within the meaning and range of equivalency of the claims are, therefore, to be 
embraced therein. 